<?php
require_once ('../libraryfiles/config.php');
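$action = isset($_GET['action']) ? $_GET['action'] : '';

// Required buyer-registration fields, in validation order, mapped to the numeric
// error code sent back to create_account.php when the field is missing.
// NOTE(review): only presence is checked in this file; nothing here compares
// user_pass with confirm_password.
$buyerRequiredFields = array(
    'first_name' => 1,
    'last_name' => 2,
    'title' => 3,
    'user_pass' => 4,
    'confirm_password' => 5,
    'mobile' => 8,
    'email' => 9,
    'address' => 11,
    'txt_state' => 12,
    'selectionDistrict' => 14,
);

// Same idea for seller registration.
// NOTE(review): 'file_image' is looked up in $_POST, yet add_seller() reads the
// logo from $_FILES['file_image']. If the form field is a file input this check
// can never pass; confirm against the form before changing it.
$sellerRequiredFields = array(
    'fname' => 1,
    'lname' => 2,
    'title1' => 3,
    'pass' => 4,
    'cpass' => 5,
    'sec_word' => 6,
    'cmobile' => 7,
    'cphone' => 8,
    'uemail' => 9,
    'cemail' => 10,
    'caddress' => 11,
    'ccountry' => 12,
    'file_image' => 19,
    'location' => 20,
    'pharmacy_fax' => 21,
    'pharmacy_website' => 23,
    'open_hour' => 24,
    'close_hour' => 25,
    'pharmacy_license' => 26,
    'pharmacy_name' => 14,
    'pharmacy_address' => 15,
    'pharmacy_phone' => 16,
    'pharmacy_email' => 17,
);

// The security code passes only when the session holds a non-empty code and the
// submitted value is exactly that string. Strict comparison avoids PHP's loose
// numeric-string matching (for example "1e1" == "10").
// NOTE(review): the code is not cleared after a successful check, so the same
// value can be replayed until the session code is regenerated elsewhere.
$expectedCode = isset($_SESSION['security_code']) ? $_SESSION['security_code'] : '';
$submittedCode = isset($_POST['security_code']) ? $_POST['security_code'] : null;
$securityCodeOk = !empty($expectedCode)
    && is_scalar($expectedCode)
    && is_string($submittedCode)
    && (string) $expectedCode === $submittedCode;

// NOTE(review): no anti-CSRF token is checked for any of these state-changing
// actions in this file.
switch ($action) {
    // Register a buyer account.
    case 'register_b':
        $errorCode = 0;
        foreach ($buyerRequiredFields as $field => $code) {
            if (empty($_POST[$field])) {
                $errorCode = $code;
                break;
            }
        }
        if ($errorCode === 0 && !$securityCodeOk) {
            $errorCode = 13;
        }
        if ($errorCode !== 0) {
            header('Location: ../create_account.php?error=' . $errorCode);
            exit();
        }
        add_user();
        break;

    // Edit the logged-in buyer's profile.
    case 'edit_b':
        // The edit handlers key their UPDATEs on $_SESSION['acc_id']; refuse the
        // request outright when there is no logged-in account.
        if (empty($_SESSION['acc_id'])) {
            header('Location: ../login.php');
            exit();
        }
        Edit_buyer();
        break;

    // Register a seller account.
    case 'register_s':
        $errorCode = 0;
        foreach ($sellerRequiredFields as $field => $code) {
            // isset() avoids undefined-index notices; the loose comparisons keep
            // the original "missing or empty string" semantics.
            $value = isset($_POST[$field]) ? $_POST[$field] : null;
            if ($value == '' || $value == null) {
                $errorCode = $code;
                break;
            }
        }
        if ($errorCode === 0 && !$securityCodeOk) {
            $errorCode = 13;
        }
        if ($errorCode !== 0) {
            // No output may precede header(); the messages the original echoed
            // here would have prevented the redirect from being sent.
            header('Location: ../create_account.php?error=' . $errorCode);
            exit();
        }
        add_seller();
        break;

    // Edit the logged-in seller's profile.
    case 'edit_user':
        if (empty($_SESSION['acc_id'])) {
            header('Location: ../login.php');
            exit();
        }
        edit_seller();
        break;

    default:
        header('Location: index.php');
        exit();
}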

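/**
 * Create an account (and its company row) from the posted registration form.
 *
 * Flow: reject a malformed or already-registered e-mail address, send the
 * activation / "pending approval" e-mail, and only when sending succeeds insert
 * the user row followed by the company row, then redirect to the login page.
 * Every path ends in a redirect.
 *
 * NOTE(review): most values reach select()/insert() either raw or passed through
 * addslashes(), which is not SQL escaping. Whether this is safe depends on those
 * helpers binding or escaping values themselves; verify against their code.
 */
function add_user() {
    // Optional fields: null when absent, matching what the original @-suppressed
    // reads produced.
    $posted = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : null;
    };

    $first_name = addslashes($_POST['first_name']);
    $last_name = addslashes($_POST['last_name']);
    $title = $_POST['title'];
    $user_pass = addslashes($_POST['user_pass']);
    // NOTE(review): the account type is taken straight from the form. Only the
    // value 2 is treated specially below; restrict this to the types a visitor
    // may legitimately self-assign.
    $user_type = (int) $posted('accounttype');
    $mobile = addslashes($_POST['mobile']);
    $phone = addslashes((string) $posted('phone'));
    $email = is_string($_POST['email']) ? $_POST['email'] : '';
    $address = addslashes($_POST['address']);
    $status = '0';
    $state = $_POST['txt_state'];
    $country = $posted('country_id');
    $location = $_POST['selectionDistrict'];
    $newsletter = isset($_POST['newsletter']) ? $_POST['newsletter'] : 0;
    $secret_word = isset($_POST['secret_word']) ? $_POST['secret_word'] : 0;

    // The address ends up in a mail recipient, an HTML link and two redirect
    // URLs, so refuse anything that is not a syntactically valid address (this
    // also rules out CR/LF). Error 9 is the e-mail error code used by the
    // dispatcher in this file.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        header('Location: ../create_account.php?error=9');
        exit();
    }

    // Remember the submitted values in the session.
    // NOTE(review): this keeps the plaintext password and its confirmation in
    // the session; drop 'pass' and 'cpass' unless another page needs them.
    $_SESSION['fname'] = $_POST['first_name'];
    $_SESSION['lname'] = $_POST['last_name'];
    $_SESSION['title1'] = $_POST['title'];
    $_SESSION['pass'] = $_POST['user_pass'];
    $_SESSION['cpass'] = $_POST['confirm_password'];
    $_SESSION['cmobile'] = $_POST['mobile'];
    $_SESSION['cphone'] = $posted('phone');
    $_SESSION['uemail'] = $_POST['email'];
    $_SESSION['caddress'] = $_POST['address'];
    $_SESSION['txt_state'] = $_POST['txt_state'];
    $_SESSION['selectionDistrict'] = $_POST['selectionDistrict'];

    $existing = select(Tbluser::Tbluser, array(Tbluser::email), array(Tbluser::email => $email));
    if (dbNumRows($existing)) {
        // NOTE(review): every other redirect in this file targets
        // ../create_account.php; confirm that ../../ is intended here.
        header("Location: ../../create_account.php?error=EMAILALEXIST");
        exit();
    }

    // Activation code mailed to the user and stored with the account. It is only
    // as unpredictable as generateRandomString() makes it.
    $getCodGeneration = generateRandomString();

    /* send email to confirm */
    include_once S_ROOT . '/libraryfiles/SendEmail.php';
    $transport = new SendEmail ();
    $name = $first_name . $last_name;
    $header = 'info.neakporn@gmail.com';
    $subjects = "Psarinternet Activation";
    $base = base_url;
    if ($user_type == 2) {
        $BodyHeader = "YOUR ACCOUNT HAS BEEN REGISTER!";
        $BodyMessage = 'Your account is pending, please wait your activation by psarinternet administrator!';
    } else {
        $BodyHeader = "ACTIVATE YOUR ACCOUNT NOW!";
        // URL-encode the address for the query string (a literal "+" would
        // otherwise be decoded as a space), then HTML-escape the URL for the
        // attribute it is placed in.
        $confirm_url = base_url . 'account/confirm.php?confirm=' . $getCodGeneration . '&id=' . urlencode($email);
        $BodyMessage = 'Click here to confirm your account: <a href="'
            . htmlspecialchars($confirm_url, ENT_QUOTES, 'UTF-8')
            . '">Active Now!</a> ';
    }
    $transport1 = $transport->SendMail($name, $email, $base, $header, $subjects, $BodyHeader, $BodyMessage);
    /* end send email to confirm */

    if ($transport1 != TRUE) {
        header('Location: ../login.php?error=USER_CANNOT_CREATE');
        exit();
    }

    $com_name = addslashes((string) $posted('com_name'));
    $com_address = addslashes((string) $posted('pharmacy_address'));
    $com_phone = addslashes((string) $posted('pharmacy_phone'));
    $com_fax = addslashes((string) $posted('pharmacy_fax'));
    $com_website = $posted('pharmacy_website');
    $com_open_hour = $posted('open_hour');
    $com_close_hour = $posted('close_hour');
    $com_license = $posted('pharmacy_license');

    // strtotime(date('d-m-Y h:i:s')) used the 12-hour "h" format without an
    // am/pm marker, so afternoon timestamps were stored twelve hours early.
    $now = time();

    $data_user = array(
        Tbluser::first_name => $first_name,
        Tbluser::last_name => $last_name,
        Tbluser::title => $title,
        Tbluser::user_pass => GenPassword($user_pass),
        Tbluser::user_type_id => $user_type,
        Tbluser::account_type_id => 1,
        Tbluser::mobile => $mobile,
        Tbluser::phone => $phone,
        Tbluser::address => $address,
        Tbluser::state_id => $state,
        Tbluser::country_id => $country,
        Tbluser::location => $location,
        Tbluser::email => $email,
        Tbluser::cdate => $now,
        Tbluser::mdate => $now,
        Tbluser::status => $status,
        Tbluser::newsletter => $newsletter,
        Tbluser::secret_word => $secret_word,
        Tbluser::activate => $getCodGeneration
    );
    $lastid = insert(Tbluser::Tbluser, $data_user);

    /* add company */
    // Derive the short URL from the company name; append one random character
    // when that short URL is already taken.
    $sorturl = str_replace(' ', '-', strtolower($com_name));
    $ch_url = select(Tblcompany::tblcompany, array(Tblcompany::shorturl), array(Tblcompany::shorturl => $sorturl));
    if (dbNumRows($ch_url)) {
        $sorturl = $sorturl . generateRandomString(1);
    }

    $data_com = array(
        Tblcompany::name => $com_name,
        Tblcompany::address => $com_address,
        Tblcompany::phone => $com_phone,
        Tblcompany::fax => $com_fax,
        Tblcompany::email => $email,
        Tblcompany::website => $com_website,
        Tblcompany::open_hour => $com_open_hour,
        Tblcompany::close_hour => $com_close_hour,
        Tblcompany::license => $com_license,
        // No logo is uploaded on this path; the original read an undefined
        // variable here, which evaluated to null.
        Tblcompany::image => null,
        Tblcompany::user_id => $lastid,
        Tblcompany::cdate => $now,
        Tblcompany::mdate => $now,
        Tblcompany::province_id => $state,
        Tblcompany::status => 1,
        Tblcompany::shorturl => $sorturl,
    );
    insert(Tblcompany::tblcompany, $data_com);
    /* end add company */

    header('Location: ../login.php?success=USER_NOT_ACTIVATE_YET&email=' . urlencode($email));
    exit();
}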

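/**
 * Update the logged-in buyer's rows in tbluser and tbluser_profile from the
 * posted profile form, then redirect to the buyer profile page.
 *
 * Every posted value is escaped before it is placed in the SQL text, the account
 * id is forced to an integer, and the password is stored through GenPassword()
 * (as add_user() does) and only when a new one was actually submitted.
 */
function Edit_buyer() {
    // Both UPDATEs are keyed on the session account id; without one there is
    // nothing legitimate to update.
    if (empty($_SESSION['acc_id'])) {
        header('Location: ../login.php');
        exit();
    }
    $acc_id = (int) $_SESSION['acc_id'];

    // Escape every form value once, up front. Missing or non-string fields
    // become the empty string.
    $fields = array(
        'first_name', 'last_name', 'title', 'mobile', 'phone', 'email',
        'region', 'city', 'address', 'country_id', 'zip',
    );
    $v = array();
    foreach ($fields as $field) {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $v[$field] = mysql_real_escape_string($raw);
    }

    $user_set = array(
        "first_name='" . $v['first_name'] . "'",
        "last_name='" . $v['last_name'] . "'",
        "title='" . $v['title'] . "'",
        "email='" . $v['email'] . "'",
        "mobile='" . $v['mobile'] . "'",
        "phone='" . $v['phone'] . "'",
        "address='" . $v['address'] . "'",
        "country_id='" . $v['country_id'] . "'",
    );

    // Change the password only when one was submitted, and never store it in
    // plaintext. addslashes() before GenPassword() mirrors add_user() so both
    // paths produce the same stored value for the same password.
    $new_pass = (isset($_POST['user_pass']) && is_string($_POST['user_pass'])) ? $_POST['user_pass'] : '';
    if ($new_pass !== '') {
        $hashed = GenPassword(addslashes($new_pass));
        $user_set[] = "user_pass='" . mysql_real_escape_string((string) $hashed) . "'";
    }

    $st_user = 'UPDATE tbluser SET ' . implode(', ', $user_set) . ' WHERE tbluser.id=' . $acc_id;

    $str_profile = "UPDATE tbluser_profile SET first_name='" . $v['first_name'] . "',
	last_name='" . $v['last_name'] . "',
	email='" . $v['email'] . "',
	mobile='" . $v['mobile'] . "',
	phone='" . $v['phone'] . "',
	region='" . $v['region'] . "',
	address='" . $v['address'] . "',
	city='" . $v['city'] . "',
	zip='" . $v['zip'] . "'
	WHERE tbluser_profile.provider=" . $acc_id;

    $user_ok = mysql_query($st_user);
    $profile_ok = mysql_query($str_profile);

    $target = W_ROOT . '/buyer/profile.php';
    if ($user_ok && $profile_ok) {
        // The message contains spaces and punctuation, so it must be encoded.
        $success = 'You have successfully edit your profile!';
        $target .= '?success=' . urlencode($success);
    } else {
        // Do not report success for an update that did not run.
        error_log('Edit_buyer: profile update failed for account ' . $acc_id);
    }
    header('Location: ' . $target);
    exit();
}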

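/**
 * Register a seller: insert the user row, a default tbl_style row, the pharmacy
 * row and the profile row from the posted form, then redirect to the
 * confirmation e-mail sender.
 *
 * All posted values are escaped before they are placed in SQL text, the
 * newsletter flag is forced to an integer because it is inserted unquoted, and
 * the password is stored through GenPassword() as add_user() does.
 */
function add_seller() {
    // Remember the submitted values in the session (null when a field is absent).
    // NOTE(review): this includes the plaintext password ('pass', 'cpass') and
    // the security word; drop them unless another page needs them.
    $remembered = array(
        'fname', 'lname', 'title1', 'pass', 'cpass', 'sec_word', 'cmobile',
        'cphone', 'uemail', 'cemail', 'caddress', 'ccountry',
        // company fields
        'pharmacy_name', 'pharmacy_address', 'pharmacy_phone', 'pharmacy_fax',
        'pharmacy_email', 'pharmacy_website', 'pharmacy_license', 'location',
        'open_hour', 'close_hour',
    );
    foreach ($remembered as $key) {
        $_SESSION[$key] = isset($_POST[$key]) ? $_POST[$key] : null;
    }
    $_SESSION['file_image'] = isset($_FILES['file_image']) ? $_FILES['file_image'] : null;

    // Escaped copies of every value that goes into a query.
    $sql_fields = array(
        'fname', 'lname', 'title1', 'cmobile', 'cphone', 'uemail', 'caddress',
        'ccountry', 'sec_word', 'pharmacy_name', 'pharmacy_address',
        'pharmacy_phone', 'pharmacy_fax', 'pharmacy_email', 'pharmacy_website',
        'open_hour', 'close_hour', 'pharmacy_license', 'location',
    );
    $raw = array();
    $q = array();
    foreach ($sql_fields as $field) {
        $raw[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $q[$field] = mysql_real_escape_string($raw[$field]);
    }
    // Inserted without quotes below, so it has to be a plain integer.
    $newsletter = isset($_POST['newsletter']) ? (int) $_POST['newsletter'] : 0;

    $result = mysql_query("SELECT email FROM tbluser WHERE email='" . $q['uemail'] . "'");
    if (dbNumRows($result)) {
        $error = 'Sorry, This email have already register!';
        // NOTE(review): other redirects in this file target ../create_account.php;
        // confirm that this relative path is intended.
        header('Location: create_account.php?error=' . urlencode($error));
        exit();
    }

    // addslashes() before GenPassword() mirrors add_user() so both registration
    // paths store the same value for the same password.
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $hashed_pass = mysql_real_escape_string((string) GenPassword(addslashes($pass)));

    $query = "INSERT INTO tbluser (first_name, last_name, title, user_pass, mobile, phone, email, address,
            cdate, mdate, user_type_id, account_type_id, country_id, status, newsletter, secret_word)
        VALUES (
            '{$q['fname']}', '{$q['lname']}', '{$q['title1']}', '$hashed_pass',
            '{$q['cmobile']}', '{$q['cphone']}', '{$q['uemail']}', '{$q['caddress']}',
            now(), now(), 2, 1, '{$q['ccountry']}', 0, $newsletter, '{$q['sec_word']}'
        )";
    if (!mysql_query($query)) {
        // Without a user row the dependent inserts below would be orphaned.
        header('Location: ../login.php?error=USER_CANNOT_CREATE');
        exit();
    }
    $lastId = (int) mysql_insert_id();

    mysql_query("INSERT INTO tbl_style (by_company_id, columns, images,type_img, sitename, site_tagline, timezone, language) VALUE ($lastId, '2col_l', 'no-banner.gif', 1, 'Your site name', 'discription of your site', 'UTC+7','en')");

    // Store the logo only once the account exists, so a rejected registration
    // does not leave files behind in the upload directory.
    $image = uploadPhoto('file_image', 'upload/');
    $logo = is_array($image) ? mysql_real_escape_string((string) $image['thumbnail']) : '';

    // Short URL: lower-cased pharmacy name with spaces turned into dashes.
    $sorturl = mysql_real_escape_string(str_replace(' ', '-', strtolower($raw['pharmacy_name'])));

    $query1 = "INSERT INTO tblpharmacy (pharmacy_name, address, phone, fax, email, website, open_hour, close_hour,
            license, pharmacy_image, user_id, province_id, cdate, mdate, status, shorturl)
        VALUES (
            '{$q['pharmacy_name']}', '{$q['pharmacy_address']}', '{$q['pharmacy_phone']}', '{$q['pharmacy_fax']}',
            '{$q['pharmacy_email']}', '{$q['pharmacy_website']}', '{$q['open_hour']}', '{$q['close_hour']}',
            '{$q['pharmacy_license']}', '$logo', $lastId, '{$q['location']}',
            now(), now(), 1, '$sorturl'
        )";
    mysql_query($query1);

    // Gender is derived from the title; any other title leaves it empty instead
    // of reading an undefined variable.
    $gender = '';
    if ($raw['title1'] == "Mr.") {
        $gender = "Male";
    } elseif ($raw['title1'] == "Mrs." || $raw['title1'] == "Miss.") {
        $gender = "Female";
    }

    $add_to_prfil = "INSERT INTO tbluser_profile (provider, email, first_name, last_name, gender, phone, mobile, address, country)
        VALUES (
            '$lastId', '{$q['uemail']}', '{$q['fname']}', '{$q['lname']}', '$gender',
            '{$q['cphone']}', '{$q['cmobile']}', '{$q['caddress']}', '{$q['ccountry']}'
        )";
    mysql_query($add_to_prfil);

    // Encode each value so that characters such as "&", "+" or spaces in a name
    // or address cannot alter the query string.
    header('Location: ' . W_ROOT . '/includefiles/email/send_email.php?email=' . urlencode($raw['uemail'])
        . '&fname=' . urlencode($raw['fname'])
        . '&lname=' . urlencode($raw['lname'])
        . '&id=' . $lastId);
    exit();
}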

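/**
 * Store an uploaded image and a thumbnail of it in $uploadDir.
 *
 * Only genuine HTTP uploads that getimagesize() recognises as GIF, JPEG or PNG
 * are accepted. The stored file names are generated here and their extension is
 * taken from the detected image type, never from the client-supplied name, so a
 * request cannot place a file with a script extension in the upload directory.
 * Images wider than 500px are resized to 500px; the thumbnail is at most 100px
 * wide.
 *
 * NOTE(review): the upload directory should also be configured so the web server
 * never executes files from it.
 *
 * @param string $inputName Name of the file input in $_FILES.
 * @param string $uploadDir Destination directory, with trailing slash.
 * @return array|null array('image' => name, 'thumbnail' => name), both empty
 *                    strings when nothing was stored; null when the input is
 *                    absent from $_FILES.
 */
function uploadPhoto($inputName, $uploadDir) {
    if (empty($_FILES[$inputName])) {
        return null;
    }

    $image = $_FILES[$inputName];
    $nothing = array(
        'image' => '',
        'thumbnail' => ''
    );

    // No file chosen.
    if (!isset($image['tmp_name']) || !is_string($image['tmp_name']) || trim($image['tmp_name']) == '') {
        return $nothing;
    }
    // Failed upload, or a tmp_name that does not belong to this request.
    if ((isset($image['error']) && $image['error'] != UPLOAD_ERR_OK) || !is_uploaded_file($image['tmp_name'])) {
        return $nothing;
    }

    // Accept only the three formats copyImage() can decode, and take the
    // extension from what the file actually is.
    $extensions = array(
        IMAGETYPE_GIF => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG => 'png',
    );
    $info = getimagesize($image['tmp_name']);
    if ($info === false || !isset($extensions[$info[2]])) {
        return $nothing;
    }
    $ext = $extensions[$info[2]];

    // Server-generated name: no collisions and nothing client-controlled.
    $imagePath = md5(uniqid(mt_rand(), true)) . '.' . $ext;
    if ($info[0] > 500) {
        // createThumbnail() returns the stored base name, or '' on failure.
        $imagePath = createThumbnail($image['tmp_name'], $uploadDir . $imagePath, 500);
        $stored = ($imagePath != '');
    } else {
        $stored = move_uploaded_file($image['tmp_name'], $uploadDir . $imagePath);
    }
    if (!$stored) {
        return $nothing;
    }

    // Thumbnail: resize when wider than 100px, otherwise a plain copy.
    $thumbnailPath = md5(uniqid(mt_rand(), true)) . '.' . $ext;
    $size = getimagesize($uploadDir . $imagePath);
    if ($size !== false && $size[0] > 100) {
        $thumbnailPath = createThumbnail($uploadDir . $imagePath, $uploadDir . $thumbnailPath, 100);
    } elseif (!copy($uploadDir . $imagePath, $uploadDir . $thumbnailPath)) {
        $thumbnailPath = '';
    }

    // Thumbnail creation failed: remove the stored image as well.
    if ($thumbnailPath == '') {
        unlink($uploadDir . $imagePath);
        return $nothing;
    }

    return array(
        'image' => $imagePath,
        'thumbnail' => $thumbnailPath
    );
}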

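/**
 * Write a copy of $srcFile scaled to $width pixels wide (height follows the
 * source aspect ratio) to $destFile via copyImage().
 *
 * @param string $srcFile  Source image path.
 * @param string $destFile Destination path.
 * @param int    $width    Target width in pixels.
 * @param int    $quality  JPEG quality handed to copyImage().
 * @return string Base name of the written file, or '' when the source is missing,
 *                is not a readable image, or the copy failed.
 */
function createThumbnail($srcFile, $destFile, $width, $quality = 75) {
    $thumbnail = '';

    if (file_exists($srcFile) && isset($destFile)) {
        $size = getimagesize($srcFile);
        // getimagesize() returns false for non-images; without this guard the
        // aspect-ratio division below would divide by zero.
        if ($size !== false && $size[0] > 0 && $width > 0) {
            $w = (int) round($width);
            // Very wide sources would round to a height of 0, which GD rejects.
            $h = max(1, (int) round(($size[1] / $size[0]) * $width));

            $thumbnail = copyImage($srcFile, $destFile, $w, $h, $quality);
        }
    }

    // copyImage() returns false on failure; report that as the empty string.
    return basename((string) $thumbnail);
}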

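/**
 * Resample $srcFile to $w x $h pixels and write the result to $destFile.
 *
 * The destination extension must be gif, jpg or png; gif and jpg destinations
 * are rewritten to end in "jpg". The output encoder follows the SOURCE type
 * (GIF and JPEG sources are written as JPEG, PNG sources as PNG).
 * NOTE(review): a PNG source with a .jpg destination (or the reverse) therefore
 * produces a file whose extension does not match its content.
 *
 * @param string $srcFile  Source image path.
 * @param string $destFile Destination path.
 * @param int    $w        Target width in pixels.
 * @param int    $h        Target height in pixels.
 * @param int    $quality  JPEG quality (ignored for PNG output).
 * @return string|false Path actually written, or false when the source is not a
 *                      decodable GIF/JPEG/PNG, the destination extension is not
 *                      supported, or writing failed.
 */
function copyImage($srcFile, $destFile, $w, $h, $quality = 75) {
    // Reject anything getimagesize() cannot identify before touching GD.
    $size = getimagesize($srcFile);
    if ($size === false) {
        return false;
    }

    $tmpDest = pathinfo(strtolower($destFile));
    $extension = isset($tmpDest['extension']) ? $tmpDest['extension'] : '';
    if ($extension == "gif" || $extension == "jpg") {
        $destFile = substr_replace($destFile, 'jpg', -3);
    } elseif ($extension != "png") {
        return false;
    }

    switch ($size[2]) {
        case 1 : // GIF
            $src = imagecreatefromgif($srcFile);
            break;
        case 2 : // JPEG
            $src = imagecreatefromjpeg($srcFile);
            break;
        case 3 : // PNG
            $src = imagecreatefrompng($srcFile);
            break;
        default :
            return false;
    }
    // A file can carry a valid header and still fail to decode.
    if (!$src) {
        return false;
    }

    $dest = imagecreatetruecolor($w, $h);
    if (!$dest) {
        return false;
    }
    imageantialias($dest, TRUE);

    imagecopyresampled($dest, $src, 0, 0, 0, 0, $w, $h, $size[0], $size[1]);

    if ($size[2] == 3) {
        $written = imagepng($dest, $destFile);
    } else {
        $written = imagejpeg($dest, $destFile, $quality);
    }

    // Report a failed write instead of returning a path that was never created.
    return $written ? $destFile : false;
}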

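/**
 * Update the logged-in seller's user row (and, for account type 2, the company
 * row) from the posted form, then redirect.
 *
 * The post-save redirect honours the posted "backto" value only when it stays on
 * this site; anything else falls back to the account page.
 *
 * NOTE(review): values are handed to update() raw or after addslashes(), which
 * is not SQL escaping. Whether this is safe depends on update() binding or
 * escaping values itself; verify against its code.
 */
function edit_seller() {
    // Both updates are keyed on the session account id.
    if (empty($_SESSION['acc_id'])) {
        header('Location: ../login.php');
        exit();
    }

    // Optional fields: null when absent, as the original @-suppressed reads gave.
    $posted = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : null;
    };

    $user_type = (int) $posted('accounttype');
    $first_name = addslashes((string) $posted('first_name'));
    $last_name = addslashes((string) $posted('last_name'));
    $phone = $posted('phone');
    $mobile = $posted('mobile');
    $address = addslashes((string) $posted('address'));
    $email = $posted('email');
    $state = $posted('txt_state');
    $country = $posted('country_id');
    $location = $posted('selectionDistrict');
    $pharmacy_name = addslashes((string) $posted('pharmacy_name'));
    $pharmacy_address = addslashes((string) $posted('pharmacy_address'));
    $pharmacy_phone = $posted('pharmacy_phone');
    $pharmacy_fax = $posted('pharmacy_fax');
    $pharmacy_email = $posted('pharmacy_email');
    $pharmacy_website = addslashes((string) $posted('pharmacy_website'));
    $pharmacy_license = $posted('pharmacy_license');
    $newsletter = isset($_POST['newsletter']) ? $_POST['newsletter'] : '0';

    // uploadPhoto() returns null when the input is absent and empty names when
    // no file was chosen or the upload was rejected.
    $image = uploadPhoto('logo_image', 'upload/');
    $logo = is_array($image) ? $image['thumbnail'] : '';

    $SET = array(
        Tbluser::first_name => $first_name,
        Tbluser::last_name => $last_name,
        Tbluser::address => $address,
        Tbluser::mobile => $mobile,
        Tbluser::newsletter => $newsletter,
        Tbluser::email => $email,
        Tbluser::phone => $phone,
        Tbluser::country_id => $country,
        Tbluser::state_id => $state,
        Tbluser::location => $location,
    );
    update(Tbluser::Tbluser, $SET, array(Tbluser::id => $_SESSION['acc_id']));

    if ($user_type == 2) {
        $SET_COM = array(
            Tblcompany::name => $pharmacy_name,
            Tblcompany::address => $pharmacy_address,
            Tblcompany::province_id => $state,
            Tblcompany::phone => $pharmacy_phone,
            Tblcompany::fax => $pharmacy_fax,
            Tblcompany::email => $pharmacy_email,
            Tblcompany::website => $pharmacy_website,
            Tblcompany::license => $pharmacy_license,
        );
        // Replace the stored logo only when a new one was actually uploaded;
        // otherwise every save without a file would blank it.
        if (!empty($logo)) {
            $SET_COM[Tblcompany::image] = $logo;
        }
        update(Tblcompany::tblcompany, $SET_COM, array(Tblcompany::user_id => $_SESSION['acc_id']));
    }

    $_SESSION['province_id'] = $state;

    // "backto" comes from the request, so it is followed only when it points
    // back into this site: either it begins with base_url, or it is a relative
    // reference with no scheme and no host. Control characters and backslashes
    // are refused because browsers may read "/\host" as another origin.
    // NOTE(review): the prefix test assumes base_url ends with "/", as its use in
    // the default target below suggests.
    $target = base_url . "account/?success=USER_EIT_PROFILE_SUCCESS";
    $backto = $posted('backto');
    if (is_string($backto) && !empty($backto) && !preg_match('/[\x00-\x1f\\\\]/', $backto)) {
        $on_site = strpos($backto, base_url) === 0;
        $relative = strpos($backto, '//') !== 0
            && parse_url($backto, PHP_URL_SCHEME) === null
            && parse_url($backto, PHP_URL_HOST) === null;
        if ($on_site || $relative) {
            $target = $backto;
        }
    }
    header("location: " . $target);
    exit();
}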

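/**
 * Build a random string of lowercase letters and digits.
 *
 * The result is used as an account activation code in this file, so characters
 * are drawn from the CSPRNG (random_int) whenever the runtime provides it.
 *
 * @param int $length Number of characters; zero or less yields ''.
 * @return string
 */
function generateRandomString($length = 50) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
    $lastIndex = strlen($characters) - 1;
    // random_int() exists from PHP 7. On older runtimes this falls back to
    // mt_rand(), which is NOT suitable for security tokens.
    // NOTE(review): on such a runtime, source the activation code from a
    // cryptographic generator instead.
    $secure = function_exists('random_int');

    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $index = $secure ? random_int(0, $lastIndex) : mt_rand(0, $lastIndex);
        $randomString .= $characters[$index];
    }
    return $randomString;
}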